[godawgs]

Windows C is the hard disk with the operating system on it so go ahead and make the restore point.

[Advertisements]

Once the computer has booted into a clean boot state, right click on the file on the desktop and click Run as Administrator


sorry what file am I right clicking?

[dustypink]

Once the computer has booted into a clean boot state, right click on the file on the desktop and click Run as Administrator


sorry what file am I right clicking?

[godawgs]

The Windows6.1-KB2779562-x64.msu file that you should have downloaded to the desktop in Step 1 of post #74.

[dustypink]

I have done all this now the computer is ok at the minute,however when I turn it off and start it up when I have put in my password it goes to a blue screen for 30 seconds before going to desk top

[godawgs]

There used to be a bug that cause a 30-second logon delay if your desktop background was set to a solid color. Is your background set to a solid color?

[dustypink]

I have no idea what my background colour is set to sorry

[godawgs]

When your desktop comes up is it a picture or a solid color?
Do you get any messages or error codes when the blue screen comes up?

[dustypink]

no the whole screen is blue and no message its there for 30 seconds then desk top appears

[godawgs]

Hi,


Step-1.

Let's change the background and see if that helps. Click here and follow the instructions to change the background picture and then reboot the computer and see if that resolved the problem.

If that didn't solve the problem, check your installed updates and see if you have the KB980408 update installed on your computer. To do that:


Step-2

• Click the Start Orb and click Programs and Features
• On the Programs and Features page click View Installed Updates. Under the Microsoft Windows section look for the KB980408 update.
• If it isn't installed, click here and complete the verification process then download the update to the desktop.
• Close all windows and browsers.

NEXT, go to Step 2 in post #74 and create a new Restore Point before installing the update. Give the Restore Point a name of Before KB980408 Update.
NEXT, right click the downloaded update and click Run as Administrator to install the update.


Step-3.

Let me know if the problem is still there.

[dustypink]

the update I downloaded ..when I right click there is no run as administrater

[godawgs]

Then just double click it.

[dustypink]

I have logged off and logged in again and the laptop seems to be ok now

[godawgs]

That's good news. If there are no further issues it's time to clean up.


OK! Well done. Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb , click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET

3. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (86)\ESET

2. Close Windows Explorer.

You can uninstall Speccy also if you don't want to keep it.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner

• Click the Uninstall button
• Confirm with yes

Step-3.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote) , right click and click Copy.

• :COMMANDS
  [createrestorepoint]
  
  :REG
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
  "TCP Query User{94720F2E-1593-46F1-88B4-14970699CF72}C:\users\amanda\appdata\local\microsoft\windows\temporary internet files\content.ie5\htl92x0o\utorrent.exe" = -
  "UDP Query User{17A37679-4B24-4464-A672-3443FE1072E0}C:\users\amanda\appdata\local\microsoft\windows\temporary internet files\content.ie5\htl92x0o\utorrent.exe" = -
  
  :COMMANDS
  [EMPTYTEMP]
  

• Please re-open on your desktop.
• Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
• Click the button.
• Let the program run unhindered. When finished click the OK button and close the log that appears.
• NOTE: I do not need to review the log produced.
• OTL may ask to reboot the machine. Please do so if asked.

2. Please re-open on your desktop.

• Be sure all other programs are closed as this step will require a reboot.
• Click on
• You will be prompted to reboot your system. Please do so.

The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

Folders
C:\Users\amanda\AppData\Roaming\Funmoods
C:\Users\amanda\AppData\Roaming\uTorrent

Files
checkhd.txt
MBR.dat
SecurityCheck.exe
checkup.txt
Windows6.1-KB2779562-x64.msu
Windows6.1-KB980408-x64.msu

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

For Vista and Windows 7
1. Click Start,click Control Panel.
2. Click Folder Options.... NOTE: If you are in the Category view, click Appearance, then Folder Options
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

For Vista and Windows 7:

• Click the Start Orb. Click Control Panel. Click System and Maintenance
• Click System
• In the left column under Tasks, click Advance System Settings and accept the warning if you get one
• Click the System Protection Tab
• In the Available Disks box put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
  
  Note: It may take some time for the system to populate the Available Disks box, so be patient.
  
• Click the Create button at the bottom
• Type in a name fo the restore point, i.e: Clean
• Click Create
• A small System Protection window will come up telling you a Restore Point is being created.
• Another System Protection window will come up telling you the Restore Point has been created, click OK
• Click OK again.
• Close the Control Panel

Now we can purge the old Restore Points

• Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
• Copy and Paste the following in the Run box:
  

  cleanmgr

• Click OK
  A Disk Cleanup Options popup will open
  
• Click Files from all users on this computer
  
  A Drive Selection popup will open
  NOTE: You will not see this window unless you have more than one drive or partition on your computer.
  
  If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
• Select the system drive, C:\ and click OK.
  
• For a few moments the system will make some calculations
  
  
• The Disk Cleanup Window will open:
  
  
• Click the More Options tab.
• Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
  
  
• In the Disk Cleanup dialog box, click Delete (See screenshot below).
  
  
• You will get a Disk Cleanup confirmation (See screenshot below)
  
• Click Delete Files, and then click OK.

Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

• For Firefox, install the NoScript add-on.
• For Chrome, install the Script-No add-on.
  NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java.
• Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to keep Java

• Click the Start button
• Click Control Panel
• Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
• Click the Update tab
• Click Update Now
• Allow any updates to be downloaded and installed

: Keep Adobe Reader Updated :

• Open Adobe Reader
• Click Help on the menu at the top
• Click Check for Updates
• Allow any updates to be downloaded and installed

NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.

• NoScript - for blocking ads and other potential website attacks
• WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
• McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

:Install the MVPs Hosts File:

• MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========

• Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
• SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
• SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
• SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
• WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========

• TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
• CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.

:BACKUPS:

• Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
• ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe
godawgs

[dustypink]

I have done all this but the computer seems to be running slow

[godawgs]

We have run the file checker and the disk checker. Security Check didn't show and hard disk fragmentation. Let's get a new OTL scan and see if anything has crept back in.

OTL

• Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)
• (Vista and 7 users:) right click on the icon and click Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
• You will see a console like the one below:
  
  
  
• Check the box beside Scan All Users at the top of the console.
• Make sure the Output box at the top is set to Standard Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open two notepad windows, OTL.Txt will open on the desktop and Extras.Txt will be minimized on the taskbar. These are saved in the same location as OTL.
• Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
• On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.